author | Werner Koch <wk@gnupg.org> | 2020-01-09 12:00:50 +0100 |
---|---|---|
committer | Werner Koch <wk@gnupg.org> | 2020-01-09 12:00:50 +0100 |
commit | ce5a7fb72b599de592a087867768ac1f81fd2989 (patch) | |
tree | c3d6898129d91e641966249e61edbe575416cad5 /common | |
parent | agent: SSH: SCD KEYINFO to list available keys. (diff) | |
scd: Use a scdaemon internal key to protect the PIN cache IPC.
* agent/call-scd.c (handle_pincache_put): Do not decrypt.
(handle_pincache_get): New.
(inq_needpin): Call it.
* scd/command.c (set_key_for_pincache): New.
(pincache_put): Restructure and set key.
(pincache_get): Ditto.
--
This change does away with encrypting and decrypting the cached PIN in
the agent. There is no need for this; we can simply cache the
cryptogram and let scdaemon decrypt after retrieving it from the
agent. This way we do not need to share a key between gpg-agent and
scdaemon and further the cached content is invalid after the scdaemon
process has been replaced.
Signed-off-by: Werner Koch <wk@gnupg.org>
Diffstat (limited to 'common')
-rw-r--r-- | common/convert.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/common/convert.c b/common/convert.c index 54182e15b..1efaccedf 100644 --- a/common/convert.c +++ b/common/convert.c @@ -192,7 +192,7 @@ bin2hexcolon (const void *buffer, size_t length, char *stringbuf) On success the function returns a pointer to the next character after HEXSTRING (which is either end-of-string or the next white - space). If BUFLEN is not NULL the number of valid vytes in BUFFER + space). If BUFLEN is not NULL the number of valid bytes in BUFFER is stored there (an extra Nul byte is not counted); this will even be done if BUFFER has been passed as NULL. */ const char * |
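Review bot: The comment correction in the @@ -192,7 +192,7 @@ hunk of common/convert.c ("vytes" to "bytes" in the sentence about BUFLEN) is not covered by the commit message, whose file entries list only agent/call-scd.c and scd/command.c and whose subject is the PIN cache IPC. The spelling fix itself is correct, but it is unrelated to the stated change; consider moving it into its own typo commit, or add an entry such as "* common/convert.c: Fix typo in comment." so the log accounts for every file the commit touches.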